RQ00172 - Security Specialist - Senior

Toronto, ON, Canada
Contracted
Experienced
We are reaching out to bring an incredible job opportunity to your attention, one that will truly captivate your interest.
Kindly send the following documents to [email protected] by Wednesday, September 18 at 2:55 P.M. EST if this interests you and matches your profile.

Apply Online
https://www.smsoftconsulting.com/Job_Detail/ON-RQ00172-Security-Specialist-Senior/?id=CfDJ8KFefCI9gV5LjM0pLLbv24IMnugd97GJqeygphIym_4q1PjRrDnsmMBB97_w77fulj-LXbCgXSrfQzHJqbtih3n2i8nReoxp9NoKrH4mUc1jP3m4DcwllIAgCFYWMZaSJg

Required documents: updated resume in Word format, expected hourly rate, and Qualification Matrix.
Job Title: RQ00172 - Security Specialist - Senior
Start Date: 2024-10-10
Client: Supply Ontario
End Date: 2025-03-31
Work Location: 525 University Avenue, Ontario.
# Business Days: 125.00
Job Type: Hybrid
Hours per day or Week: 7.25 hours per day (5 Days)
 
Must Haves:
  • 5+ years’ experience in various security domains including third-party risk management, IT audits and/or Security Governance, Risk and Compliance (GRC)
  • Knowledge of prevalent industry standards (ISO 27001/27002, NIST, CIS, COBIT)
  • 3+ years' experience in Threat risk assessment methodologies (TRA) such as HTRA and CSF, and frameworks such as NIST and ISO 27001/2
  • Experience in writing and presenting subject matter information that is both comprehensive and easy to understand.
  • Experience and working knowledge of risk management lifecycle, processes, and concepts
  • Demonstrated experience with presenting materials to large audiences
 
Description:
Background Information:
  • We need a Senior Security Specialist resource to perform Threat Risk Assessments and other security assessments for various Cancer Care Programs by analysing the security requirements, compliance with Ontario Health policies and various threat scenarios. The resource will take a subject matter expert role in various security risk management initiatives, providing security expertise, facilitating collaboration and performing Risk Assessments for various projects, products, applications and services within Ontario Health and external vendors using NIST CSF.
Responsibilities:
  • Take a subject matter expert role in various security risk management initiatives, providing security expertise, facilitating collaboration and performing Risk Assessments for various projects / products / applications and services within OH and external vendors using NIST CSF.
  • Analyze proposed solution architectures, technology, design and IT development processes to identify potential threats and vulnerabilities, and to recommend options that enhance the security of solutions and business processes. Identify, analyze, and recommend options for risk management at appropriate levels within the enterprise and the health care sector.
  • Present topic areas and relevant security materials to product and digital solution groups.
  • Consult with members and teams in Ontario Health to implement recommended security policies and related controls.
  • Track security control implementation and work through Risk Treatment plans.
  • Coordinate internal and external information security initiatives as a subject matter expert to reach feasible security solutions for issues across the health care sector.
  • Take a leading role in offensive security practices and provide guidance to the teams with methodologies, tools, and processes. 
  • Contribute to the ongoing development and maturing of the OH security program, consulting and assurance practices.
  • Demonstrate the ability to effectively negotiate and resolve conflicts with individuals or teams in a professional and collaborative manner.
  • Utilize strong communication and negotiation skills to effectively persuade individuals with differing perspectives and conflicting interests towards a mutually beneficial resolution on a regular basis.
  • Implement tools and processes to manage workflow and materials related to information security risk management.
  • Stay abreast of any changes to industry best practices or legislative regulations and assess the resulting impact to the organization.
  • Deep knowledge of the methodologies, frameworks, and processes in Information Security domain.
  • Good Experience in conducting Threat Risk Assessments using various Framework / Methodologies / Standards such as (NIST / HTRA / ISO).
  • Risk management models for assessing and mitigating various aspects of risk exposure.
  • Generate risk maps to help guide the risk owners and keep the stakeholders in the loop.
Desired Skills:
  • Experience in writing and presenting subject matter information that is both comprehensive and easy to understand.
  • Experience and working knowledge of risk management lifecycle, processes, and concepts.
  • Working knowledge of GRC tools used to support security governance. Working knowledge and expertise in the Personal Health Information Protection Act (PHIPA) is an asset.
  • Working experience in security architecture domain
Required Skills:
  • Strong understanding and ability to interpret and communicate risk management concepts.
  • Deep Understanding of typical security threats, vulnerabilities and safeguards relevant to application development, test and QA environments, and IT (datacenter) operations.
  • Good experience & knowledge of TRA methodologies and other risk assessment methodologies and tools, and familiarity with related security tests and test methodologies
  • An adept team player who is action oriented, with a record of accomplishment of motivating other team members to achieve higher goals and improving the impact of technology initiatives.
 
Deliverables:
  • Perform Threat Risk Assessments on products, applications, systems and processes.
  • Analyze proposed solution architectures, technology, design and IT development processes to identify potential threats and vulnerabilities, and to recommend options that enhance the security of solutions and business processes.
 
Evaluation Criteria: 
  • 5+ years’ experience in various security domains including third-party risk management, IT audits and/or Security Governance, Risk and Compliance (GRC): 20 Points
  • Experience in Threat risk assessment methodologies (TRA) such as HTRA and CSF, and frameworks such as NIST and ISO 27001/2: 25 Points
  • Experience and working knowledge of risk management lifecycle, processes, and concepts: 15 Points
  • Experience in Cloud Operations and understanding the areas of concern or risks that are specific to the cloud operations: 20 Points
  • Experience & Knowledge of security architecture framework and embedded security principles: 20 Points
 
Notes:
This position is currently listed as "Hybrid". The resource under this request will be required to work onsite at the Hiring Manager's sole discretion.
Ontario Health assets including laptops and related equipment cannot be removed from the province of Ontario without prior written approval from Ontario Health.
Location: Hybrid – up to 3 days a week onsite
Public Sector Experience: Not required

 